WordPress plugin EmbedPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-1425

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input...

CVE-2024-1425

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input...

CVE-2024-1349

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.9.8 due to insufficient input...

CVE-2024-1349

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.9.8 due to insufficient input...

Cross site scripting

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input...

WordPress Plugin EmbedPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Plugin EmbedPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-1349 EmbedPress <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.9.8 due to insufficient input...

CVE-2024-1349

CVE-2024-1349 concerns the WordPress plugin EmbedPress (Embed PDF, YouTube, Google Docs, Vimeo, Wistia, etc.). Public records confirm a Stored Cross-Site Scripting vulnerability via the plugin’s shortcodes in versions up to 3.9.8 due to insufficient input sanitization and output escaping on user-...

CVE-2024-1349 EmbedPress <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.9.8 due to insufficient input...

CVE-2024-1425 EmbedPress <= 3.9.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input...

CVE-2024-1425

CVE-2024-1425 : The WordPress plugin EmbedPress (Embed PDF, YouTube, Google Docs, Vimeo, Wistia, etc.) is affected by a stored XSS in the Google Calendar Widget Link for all versions up to 3.9.8. Root cause: insufficient input sanitization and output escaping on user-supplied attributes, enabling...

PT-2024-17963 · WordPress · Embedpress

Name of the Vulnerable Software and Affected Versions: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress versions up to, and including, 3.9.8 Description: The issue is related to Stored Cross-Site Scripti...

PT-2024-18035 · WordPress · Embedpress

Name of the Vulnerable Software and Affected Versions: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress versions up to, and including, 3.9.8 Description: The issue is related to Stored Cross-Site Scripti...

WordPress EmbedPress Plugin <= 3.9.8 is vulnerable to Cross Site Scripting (XSS)

Software EmbedPress Type Plugin Vulnerable versions = 3.9.8 Fixed in 3.9.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1425 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 71ace84cfcd8 Credits wesley wcraft Required...

WordPress EmbedPress Plugin <= 3.9.8 is vulnerable to Cross Site Scripting (XSS)

Software EmbedPress Type Plugin Vulnerable versions = 3.9.8 Fixed in 3.9.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1349 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 79f71664ac39 Credits Richard Telleng stueotue...

EmbedPress < 3.9.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link

Description The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to...

EmbedPress < 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.9.8 due to insufficient...

EmbedPress < 3.9.5 - Missing Authorization

Description The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the savesourcedata and deletesourcedata functions i...